Administration Console Online Help

Configure the Password
Validation provider

When configured in a security realm, the Password Validation provider
is automatically invoked by a supported authentication provider whenever
a password is created or updated for a user in that realm. The Password
Validation provider then performs a check to determine whether the
password meets the criteria established by the composition rules, and
the password is accepted or rejected as appropriate.

The password composition
rules you can configure for the Password Validation provider include the
following:

User name policies, such as whether the password can be the same
as the username.

Password length policies, such as a minimum or maximum
length.

Character policies, such as the minimum or maximum number of
alphabetic, numeric, or non-alphanumeric characters required in each
password.

Note: By default, the Default Authentication provider
requires a minimum password length of 8 characters. However, the minimum
password length enforced by the Default Authentication provider can be
customized. In either case, if the Default Authentication provider and
Password Validation provider are both configured in the security realm,
and you attempt to create a password that does not meet the minimum
length enforced by the Default Authentication provider, an error is
generated.

For complete details about each rule you can configure with the
Password Validation provider, see Configuration Options.

To configure the Password
Validation provider:

If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).

In the left pane, select Security Realms
and click the name of the realm you are configuring (for example,
myrealm).